CVE-2022-35016: 
NixOS vulnerability analysis and mitigation

A heap buffer overflow vulnerability was discovered in Advancecomp version 2.3, identified as CVE-2022-35016. The vulnerability was first reported on July 4, 2022, affecting multiple versions of the software across various Linux distributions (NVD, CVE Mitre).

The vulnerability is classified with a CVSS 3.1 Base Score of 5.5 (Medium severity). The attack vector is Local, with low attack complexity, requiring no privileges but user interaction. The scope is unchanged, with no impact on confidentiality and integrity, but high impact on availability (Ubuntu Security).

The primary impact of this vulnerability is related to denial of service. If a user is tricked into opening a specially crafted ZIP file, an attacker could potentially exploit this vulnerability to cause AdvanceCOMP to crash (Ubuntu Security Notice).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has released fixes across multiple versions: Ubuntu 22.10 (2.3-1ubuntu0.22.10.1), Ubuntu 22.04 LTS (2.1-2.1ubuntu2.1), Ubuntu 20.04 LTS (2.1-2.1ubuntu0.20.04.1), Ubuntu 18.04 LTS (2.1-1ubuntu0.18.04.3), and Ubuntu 16.04 LTS (1.20-1ubuntu0.2+esm2). Debian has also addressed this in version 2.5-1 for sid, trixie, and bookworm releases (Ubuntu Security Notice, Debian Security Tracker).